International Journal of Engineering & Technology Sciences (IJETS) 1 (4): 177-191, 2013
ISSN 2289-4152
© Academic Research Online Publisher

Research Article

Malicious Insider Attacks Based Colored Petri Nets Approach

Abdelali EL BOUCHTI, Abdelkrim HAQIQ

Computer, Networks, Mobility and Modeling laboratory e-NGN research group, Africa and Middle East FST, Hassan 1st University, Settat, Morocco

E-mail address: {a.elbouchti, ahaqiq}@gmail.com

ARTICLE INFO

Accepted: 01 July213

Abstract

In this paper, we propose a Colored Petri Net (CoPNet) modeling approach that extends attack trees with new modeling constructs and analysis approaches. The CoPNet-based attack model is flexible enough to model Internet intrusions, including their static and dynamic features. The process and rules for building a CoPNet-based attack model from an attack tree (AT) are also presented. In order to evaluate the risk of intrusion, some cost elements are added to the CoPNet-based attack modeling. We show how attack trees can be converted and analyzed in CoPNets. Finally, we provide a malicious insider attack as a case study that illustrates the CoPNet approach.

© Academic Research Online Publisher. All rights reserved.

Keywords: Vulnerability, Attack modeling, Attack tree, Colored petri net, Malicious insider attacks

1. Introduction

A secure computer system provides guarantees regarding the confidentiality, integrity and availability of its objects (such as data, processes or services). However, systems generally contain design and implementation flaws that result in security vulnerabilities. An intrusion takes place when an attacker or group of attackers exploits security vulnerabilities and thus violates the confidentiality, integrity, or availability guarantees of a system or a network. Intrusion Detection Systems (IDSs) [10] detect some set of intrusions and execute some predetermined action when an intrusion is detected. Some of the literature presents a comprehensive taxonomy of Internet attacks [4, 21]. Other common intrusion databases such as [5] also create a common namespace for all vulnerabilities and exploits. A taxonomy of attacks, however, fails to formally express their dynamic properties. Some graph-based attack models also provide a means for modeling intrusions [7]. Other research [6] uses the software fault tree approach to